package auth

/**
* @author rocco
* Superclass that provides methods usually needed for restricting access to several views
*/
abstract class AuthBaseController {
	
	/**
	 * hasPerms can be used in any action that if called after the interceptor to
	 * handle additional logic that is based on users permissions
	 */
	def hasPerms = false //default value
	
	
	/**
	* Checks wether the session-user is also the user, assigned to a requested object.
	* Grants permissions to owners and admins.
	*
	* @attr Class Domain REQUIRED The domain class, that the requested object belongs to
	* @attr String userattr REQUIRED This is the name of the field, that references a
	* 		user instance defined in the given Domain-class
	* @return None, or redirect to home
	*/
   def hasPerms(Class Domain, String userattr) {
	   assert session.user != null, 'Please use a filter to make sure users are logged in when calling this action!'
	   def objInstance = Domain.get( params.id )
	   
	   if(!objInstance) {
		   hasPerms = false
		   flash.message = "Sorry, das sollte nicht passieren."
		   redirect(uri:"/")
	   }
	   else if( session.user.id == objInstance.getProperty(userattr).id ){
		   hasPerms = true
		   return
	   }
	   else if( session.user.role == "admin"){
		   hasPerms = true
		   return
	   }
	   else {
		   hasPerms = false
		   flash.message = "Du hast nicht genug Rechte um diese Operation durchzuf&uuml;hren."
		   redirect(uri:"/")
	   }
   }
   
   
}
